Malware Analysis: How to Decode JavaScript Obfuscation

When performing malware analysis, you will find that one of the techniques the bad guys use to hide their code is obfuscation. This means the program is hidden or obscured to make malware analysis much more difficult. You didn’t think they would make it easy on you, did they? 🙂

I found a good intro to JavaScript malware analysis and video on the HIR Information Report website. It shows you one method (the Tom Liston Method) on how to take obfuscated code that looks like this:

And decode it so you get the original JavaScript, like this:

Excellent article, check it out!
